Running Untrusted Code in Node
Dave Wasmer
February 25, 2014
Running untrusted code in Node in a safe mode while handling the lode.
Transcript
Running untrusted code in Node in a safe mode while
handling the lode
lode?
Dave Wasmer @davewasmer Developer @ Kinvey yep, this slide …
Kinvey Backend as a service … and this one.
What goes into backend as a service?
Lots o’ stuff
• Data storage
• User management
• Twitter, Facebook, G+, LinkedIn
• OAuth, LDAP, Active Directory
• File storage
• don’t forget CDN delivery
• Push notifications
• Emails
• 3rd Party API Integration
• Analytics
• a whole lot more ..
What if CRUD ain’t enough?
enter: Business Logic!
Run your code on our servers
Custom JavaScript execution?!
eval(customerCode); // Genius, mirite? NO!
The Problem
We needed a safe, scalable way to run arbitrary (possibly malicious) JavaScript on our servers.
Safety
• Can’t allow access to:
  • filesystem
  • shared memory
  • Kinvey internals
• State is evil!
Scalability
• Needs to scale horizontally
  • i.e. spin up new instances on-demand
  • automatically add to resource pool
• Optimize for usage
  • not running huge computations - short, frequent bursts of activity
  • 2x per API request is possible!
Our solution to scalability
[Diagram: KCS, KBL, Redis, Work Master, Child processes]
Our solution to scalability
[Diagram: Work Master, Child processes]
Safety Concerns
• How to run arbitrary JS code?
• Three issues
  • System access (filesystem, network, etc)
  • Application access (application state, data, etc)
  • Stupidity / DoS (while (true), forgot to signal async completed)
System access
• Filesystem
  • Severely limited or none
• Network
  • Partially limited
Our solution to system access

    // Setting things up
    var vm = require('vm');
    try {
      // 2014-era call; current Node documents new vm.Script(codeAsStr)
      script = vm.createScript(codeAsStr);
    } catch (e) {
      // syntax error!
    }
    sandbox = generateNewSandbox()

    generateNewSandbox = function(){
      // This object becomes the script's global object: only what is
      // attached here is reachable by name from the untrusted code.
      var sandbox = {};
      sandbox.complete = function(){ runNextTask(); };
      sandbox.whateverYouWant = function(){ ... }
      return sandbox;
    }

    // Running the untrusted script
    try {
      script.runInNewContext(sandbox)
    } catch (e) {
      // e will be any immediate (synchronous)
      // runtime errors
    }
Application access
• Data
• Permissions
Our solution to application access

    // inside generateNewSandbox()
    sandbox.db = {
      find: function(query, callback) {
        // do db stuff
        callback(null, result) // <- Careful!
      },
      ...
    }
Stupidity / DoS

    while (true) {} // single-threaded ftw!

    function onPreSave(req, res, modules) {
      doSomeAsyncStuff()
    } // kthxbai

    function doSomeAsyncStuff() {
      setTimeout(function(){
        throw new Error()
      }, 100000); // muhahaha
    }
Our solution to stupidity / DoS
[Diagram: Work Master, Child processes]
Our solution to stupidity / DoS

    // For handling callback errors
    process.on('uncaughtException', function(){
      // handle it here
    });
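An added example (not from the deck or from Kinvey) that runs the compile-then-run steps from the slides and classifies each failure mode they list. It stops a synchronous `while (true) {}` with the `timeout` option of `runInNewContext`, which is a different mechanism from the deck's master/child processes; `runUntrusted`, `isTimeout`, `classifySamples`, the status names and the sample scripts are all constructed for illustration.

```javascript
const vm = require('vm');
const util = require('util');

// Hypothetical helpers (not Kinvey's code). The vm context limits what a script can
// name and `timeout` bounds synchronous CPU time; Node's documentation does not
// treat vm alone as a security boundary.
function isTimeout(e) {
  // A thrown value belongs to the customer: read it without running its getters or traps.
  if (e === null || typeof e !== 'object' || util.types.isProxy(e)) return false;
  const d = Object.getOwnPropertyDescriptor(e, 'code');
  return d !== undefined && d.value === 'ERR_SCRIPT_EXECUTION_TIMEOUT';
}

function runUntrusted(codeAsStr, timeoutMs) {
  let script;
  try {
    script = new vm.Script(codeAsStr, { filename: 'customer-code.js' });
  } catch (e) {
    return { status: 'syntax-error' };
  }
  let completed = false;
  const sandbox = Object.create(null); // nothing inherited from the host
  sandbox.complete = function () { completed = true; };
  let value;
  try {
    value = script.runInNewContext(sandbox, { timeout: timeoutMs });
  } catch (e) {
    return { status: isTimeout(e) ? 'timeout' : 'runtime-error' };
  }
  // Returning without complete() leaves the task open; the host needs a deadline for it.
  // Only a primitive string result is handed back to host code.
  return { status: completed ? 'ok' : 'pending', value: typeof value === 'string' ? value : undefined };
}

// Constructed sample scripts, one per failure mode named in the slides.
const samples = {
  good: 'complete();',
  syntax: 'function (',
  throws: 'null.foo;',
  spin: 'while (true) {}',
  forgot: 'var x = 1 + 1;',
  probe: 'typeof require + "," + typeof process + "," + typeof setTimeout',
};

function classifySamples(timeoutMs) {
  const out = {};
  for (const name of Object.keys(samples)) out[name] = runUntrusted(samples[name], timeoutMs).status;
  return out;
}

console.log(classifySamples(50), runUntrusted(samples.probe, 50).value);
```

A `pending` result is the case the slides call forgetting to signal completion, so the host still needs its own deadline for it. Errors thrown later from callbacks do not reach this try/catch; they arrive at the `uncaughtException` handler shown above.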
Wrap-up